package com.xt.mes.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @program: demo
 * @Description 配置
 * @Date 2023/3/8
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity//开启注解权限配置
public class SecurityConfig {



    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http.authorizeHttpRequests(authorize-> {
                    try {
                        authorize
                                // 放行登录接口
                                .requestMatchers("/login").permitAll()
                                // 放行资源目录
                                .requestMatchers("/static/**", "/resources/**","/doc.html","/webjars/**","/v3/api-docs/**")
                                .permitAll()
                                // 其余的都需要权限校验
                                .anyRequest().authenticated();
//                                .csrf(csrf -> csrf.disable()); // 防跨站请求伪造
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
        ).build();
    }



}